search

oracle / graal

GraalVM compiles Java applications into native executables that start instantly, scale fast, and use fewer compute resources 🚀
https://www.graalvm.org
Other
20.23k stars 1.62k forks source link

[GR-44320] [native-image] Kerberos: Generated image is not respecting sun.security.jgss.native JVM argument #8674

Open aanavaneeth opened 5 months ago

aanavaneeth commented 5 months ago

As per https://docs.oracle.com/en/java/javase/11/security/accessing-native-gss-api.html#GUID-88A42A9C-AC8B-426E-A8A7-B30518C2162A, when sun.security.jgss.native flag is set to true, GSSManager.getInstance() should ideally give a GSSManager implementation using native gss implementation. However, that is not happening.

Below is a sample code.


    GSSManager gssManager = GSSManager.getInstance();
    try {
     //using reflection to expose a private method
    // using findLoadedClass method on classLoader to check if its native provider or not.
      ClassLoader gssClassLoader = gssManager.getClass().getClassLoader();
      Method m = ClassLoader.class.getDeclaredMethod("findLoadedClass", String.class);
      m.setAccessible(true);
     // prints null if not loaded, with graalvm native image, its always null.
      System.out.println(m.invoke(gssClassLoader, "sun.security.jgss.wrapper.SunNativeProvider")); 
      System.out.println("native true? {}" + System.getProperty("sun.security.jgss.native")); // this returns true as I have set the property
    }catch(Exception e) {
      LOG.info("error in reflection {}", e.toString());
    }

The same code works when running on JVM (including oracle graalvm without native image).

I have tried different flags like the below. But nothing worked: 

graalvmNative {
        binaries {
            main {
                buildArgs.add('--add-opens java.base/java.lang=ALL-UNNAMED') //for reflection
                buildArgs.add('--enable-native-access')
                buildArgs.add('-J-Dsun.security.jgss.native=true')
                buildArgs.add('-Dsun.security.jgss.native=true')
                buildArgs.add('-H:AdditionalSecurityProviders=sun.security.jgss.SunProvider') //based on https://github.com/oracle/graal/issues/5950#issuecomment-1746835465
            }
        }
    }

Environment: Podman container using Linux RHEL 8 Graalvm for JDK 22

aanavaneeth commented 5 months ago

Hi @fernando-valdez ! Any update on this?